/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.solr.util;

import java.io.IOException;
import java.nio.file.Path;
import java.util.Arrays;
import org.apache.lucene.util.ResourceLoader;
import org.apache.solr.SolrTestCaseJ4;
import org.apache.solr.common.util.IOUtils;
import org.apache.solr.core.SolrResourceLoader;
import org.xml.sax.InputSource;

public class TestSystemIdResolver extends SolrTestCaseJ4 {

  @Override
  public void tearDown() throws Exception {
    System.clearProperty(SolrResourceLoader.SOLR_RESOURCELOADING_RESTRICTED_ENABLED_PARAM);
    super.tearDown();
  }

  private void assertEntityResolving(
      SystemIdResolver resolver, String expectedSystemId, String base, String systemId)
      throws Exception {
    final InputSource is = resolver.resolveEntity(null, null, base, systemId);
    try {
      assertEquals("Resolved SystemId does not match", expectedSystemId, is.getSystemId());
    } finally {
      IOUtils.closeQuietly(is.getByteStream());
    }
  }

  public void testResolving() throws Exception {
    final Path testHome = SolrTestCaseJ4.getFile("solr/collection1").getParent();
    final ResourceLoader loader =
        new SolrResourceLoader(testHome.resolve("collection1"), this.getClass().getClassLoader());
    final SystemIdResolver resolver = new SystemIdResolver(loader);
    final String fileUri = Path.of(testHome + "/crazy-path-to-config.xml").toUri().toASCIIString();

    assertEquals("solrres:/test.xml", SystemIdResolver.createSystemIdFromResourceName("test.xml"));
    assertEquals(
        "solrres://@/usr/local/etc/test.xml",
        SystemIdResolver.createSystemIdFromResourceName("/usr/local/etc/test.xml"));
    assertEquals(
        "solrres://@/test.xml",
        SystemIdResolver.createSystemIdFromResourceName(
            testHome.getFileSystem().getSeparator() + "test.xml"));

    // check relative URI resolving
    assertEquals(
        "solrres:/test.xml",
        resolver.resolveRelativeURI("solrres:/base.xml", "test.xml").toASCIIString());
    assertEquals(
        "solrres://@/etc/test.xml",
        resolver
            .resolveRelativeURI("solrres://@/usr/local/etc/base.xml", "../../../etc/test.xml")
            .toASCIIString());
    // special case: if relative URI starts with "/" convert to an absolute solrres://@/-URI
    assertEquals(
        "solrres://@/a/test.xml",
        resolver.resolveRelativeURI("solrres:/base.xml", "/a/test.xml").toASCIIString());
    // test, that resolving works if somebody uses an absolute file:-URI in a href attribute, it
    // should be preserved
    assertEquals(
        fileUri, resolver.resolveRelativeURI("solrres:/base.xml", fileUri).toASCIIString());
    assertEquals(
        "solrres:/base.xml",
        resolver.resolveRelativeURI(fileUri, "solrres:/base.xml").toASCIIString());

    // do some real resolves to InputStreams with real existing files
    assertEntityResolving(resolver, "solrres:/schema.xml", "solrres:/solrconfig.xml", "schema.xml");
    assertEntityResolving(
        resolver,
        "solrres:/org/apache/solr/util/TestSystemIdResolver.class",
        "solrres:/org/apache/solr/util/RTimer.class",
        "TestSystemIdResolver.class");
    assertEntityResolving(
        resolver,
        SystemIdResolver.createSystemIdFromResourceName(testHome + "/collection1/conf/schema.xml"),
        SystemIdResolver.createSystemIdFromResourceName(
            testHome + "/collection1/conf/solrconfig.xml"),
        "schema.xml");

    // if somebody uses an absolute uri (e.g., file://) we should fail resolving:
    IOException ioe =
        expectThrows(
            IOException.class,
            () -> {
              resolver.resolveEntity(null, null, "solrres:/solrconfig.xml", fileUri);
            });
    assertTrue(ioe.getMessage().startsWith("Cannot resolve absolute"));

    ioe =
        expectThrows(
            IOException.class,
            () -> {
              resolver.resolveEntity(
                  null, null, "solrres:/solrconfig.xml", "http://lucene.apache.org/test.xml");
            });
    assertTrue(ioe.getMessage().startsWith("Cannot resolve absolute"));

    // check that we can't escape with absolute file paths:
    for (String path : Arrays.asList("/etc/passwd", "/windows/notepad.exe")) {
      ioe =
          expectThrows(
              IOException.class,
              () -> {
                resolver.resolveEntity(null, null, "solrres:/solrconfig.xml", path);
              });
      assertTrue(
          ioe.getMessage().startsWith("Can't find resource")
              || ioe.getMessage().contains("access denied")
              || ioe.getMessage().contains("is outside resource loader dir"));
    }
  }

  public void testUnsafeResolving() throws Exception {
    System.setProperty(SolrResourceLoader.SOLR_RESOURCELOADING_RESTRICTED_ENABLED_PARAM, "false");

    final Path testHome = SolrTestCaseJ4.getFile("solr/collection1").getParent();
    final ResourceLoader loader =
        new SolrResourceLoader(testHome.resolve("collection1"), this.getClass().getClassLoader());
    final SystemIdResolver resolver = new SystemIdResolver(loader);

    assertEntityResolving(
        resolver,
        SystemIdResolver.createSystemIdFromResourceName(testHome + "/crazy-path-to-schema.xml"),
        SystemIdResolver.createSystemIdFromResourceName(testHome + "/crazy-path-to-config.xml"),
        "crazy-path-to-schema.xml");
  }
}
